140 likes | 296 Views
Enriched Trusted Platform and its Application on DRM. Yongdong Wu, and Feng Bao. 吴永东 , 鲍丰 . Cryptography and Security Department Institute for Infocomm Research, Singapore Oct. 16, 2008. Content. Background Overview of TPM Related work Enhanced TPM structure DRM Application
E N D
Enriched Trusted Platform and its Application on DRM Yongdong Wu, and Feng Bao 吴永东, 鲍丰 Cryptography and Security Department Institute for Infocomm Research, Singapore Oct. 16, 2008
Content • Background • Overview of TPM • Related work • Enhanced TPM structure • DRM Application • DRM structure • Expiry control • Software upgrading • Discussion • Security • Performance • Conclusion
Background TPM component Transitive trust • Processor • Cryptographic engine • Non-volatile memory • Tamper control circuitry • Non-volatile storage space • Hardware RNG • Real-time clock
Objectives Design an Environment for • Coexistence oftrusted and non-trusted processes • Guaranteed integrity and confidentiality of the process environment,e.g., private memoryspace of an application • Backward compatibility: The trusted application such as DRM application can open any authorized documentdespite of software upgrading
Related work • Property attestation • Replace the binary attestation with property-based attestation so as to attest security requirements without revealing the specific software and hardware configuration. • Enhance boot loader by translating binary measurements into properties, allowing to attest properties of unmodified operating systems loaded. it is not clear how to map software variants to properties. • Visualization • Tree of Trust: Tree nodes represent the various platform components, from the hardware TPM up to the running applications, annotated with trust and security statements. • TRM (Trusted Reference Monitor) • TRM seals secrets and policies so that it can enforce the policies correctly without disclosing the secrets. TRM does not handle legacy applications, but trusted applications only.
Enriched architecture SPM: Secure Process Manager
Workflow • Before loading an application A, SPM verifiesA based on its signature. • PKI infrastructure. A is produced by a softwarecompany who has certificate. • Whenever the software producer upgrades A, it shouldgenerate a new signature of the new application A. • To attest application A to a remote party, local SPM willattest A first, and then sign the description of Aso that the remote party can trust A.
DRM Application - Usage Ctrl • Number of usage • App reads the license file and extracts the number Ue of legal usages. • App reads the number of counter U from sealed storage. • If U<Ue, App renders the protected document, otherwise, reject the access. If rendering correct, U U+1. • Expiry control • Employ the real-time clock • Virtual clock
Software up-gradation Document D DRM application A D1 A1 Di= Encrypt(Ki, D) Ki=Hashv-i(Kv) A, v, Kv Dv Av X Dv+1 AV DI
Document delivery process M=(Appname, cert, version v)
Security analysis • Trusted booting • The kernel including SPM is booted in a trusted way. • Anti-abuse attack • Threat: Load A with loader such as debugger • Countermeasure: Application A is authentically loaded by SPM, SPM will authenticate A to prevent tamperingA. • Anti-replay attack: • Challenge-response protocol in the document delivery process. • Key refreshing: • Threat: Hack the secret key and forge a new software to obtain all the past and future documents. • Countermeasure: employ hash chain to refresh the software periodically such that the adversary has to “break one by one”, other than “break one, break all”.
Performance • Kernel-level SPM • Prompt response • Robustness against tampering: administrator priority and difficult in kernel-level debugger. • Universal software • SPM can separate trusted applications from legacy ones such that the later can co-exist on the same computer without disturbing the former. • Simplified remote attestation • SPM authenticates the application Alocally, and asks the verifier to check the suitability of the software versions and producer.
Conclusion A new structure which Enriches OS kernel with software module SPM: • Enable to handle software attestation request locally. • Ensure secure software updating in a simple way. • Apply SPM for DRM application. • DRM scheme enables to share documents transparently, • but enforce usage control with the off-the-shelf TPM chip.